CISSP for Dummies

Posted by Ben Rothke

The CISSP is the most popular and arguably most valuable information security certification.  While SANS GIAC certifications are technically more intensive, the CISSP is the 900-pound gorilla of information security certifications.

For those looking for a CISSP review guide, CISSP for Dummies, despite its title, is a worthwhile reference.

The book provides a thorough overview of the (ISC)² Common Body of Knowledge (CBK).  The CBK is a collection of 10 topic areas most relevant to information security.

Printed in August 2012, the book covers the most current iteration of the CBK.

The book provides a good balance between depth and breadth, and does not get bogged down in minutiae like some other CISSP study guides.

The only negative thing about the book is that the authors suggest a 60-day study plan for certification.  I have found that for most people 60 days may be a bit aggressive. 3-4 months is a good guideline to use. That gives a person one week per CBK module (and 2 weeks for the cryptography domain), with time for a review and break in between.

The book also includes a 250-question practice exam, which can give the reader a relatively good feel for how likely they are to pass the exam.  Note, though, that this practice exam, like most, was written by security professionals, not a psychometrician, so it should be taken with a grain of salt.

Most CISSP test strategies recommend using 2 main books for CISSP preparation.  For those looking for a practical and useful guide to preparing for the CISSP exam, CISSP for Dummies should definitely be one of those two guides.

Ben Rothke

Senior Information Security Manager, Tapad
